Blogging Tools

Search all "Bits from Bill"

Monday, September 05, 2011

Dangerous Downloads on Legitimate Websites & Search Engines

There are a large number of websites that provide useful reviews and what seems like easy ways to download free software. Unfortunately, these websites also sell ads and allow advertisers to use well known software as keywords in their ads. The result is users often end up with software they can’t remove from their computer instead of what they were looking for.

Here’s an example of the page you’ll get if you search the popular download site, cnet’s Download.com for WinPatrol. Click image to enlarge.

Click any image to enlarge

You can see WinPatrol at the bottom of the page but if you’re not paying attention you might easily click on “Start Download”. The resulting download is not something you want on your system. My laptop is currently using the add-on Web of Trust which immediately warned me something was wrong.

Btw… if you’re interested, don’t search Google for “Web of Trust”. Instead of WOT, you’ll find a dangerous download using its keyword which I’ll talk more about below. Go to http://www.mywot.com/ if you’d like check out WOT.

Not all but some of the other downloads advertising on the Download.com page are also dangerous. For instance, the link that says “Spybot – Free Download” will not take you to the real Spybot - Search & Destroy program.

Beware of Search Engine Results

Even search engines like Google and Bing are selling search ads to bogus programs using the keywords of popular legitimate programs. If you search Google for “WinPatrol” you may be tricked into clicking on a dangerous deceptive link.

While it’s marked as an “Ad” the resulting page is not what you’ll want. It has no connection to WinPatrol. The criminals behind this site “bid” Googles Adwords for the keyword “WinPatrol” when purchasing this ad. It’s also impossible for small companies like BillP Studios to purchase advertisements. When advertising space is based on bidding, it’s impossible for me to compete with companies who behave in a deceptive manner.

Again, Web of Trust warns me not to continue.

The resulting page appears to be a review of WinPatrol. Don’t be fooled!

When you scroll down you'll find a bogus software report that claims to compare various anti-virus program. The problem is all of these programs come from the same company and most programs can not be removed until you pay an extortion fee. Even then you’ll need a real Anti-Malware program to remove them. The following is one of many programs that follow the WinPatrol review.

I didn’t dare click Free Scan but I did check Tucows and they never heard of this program. The chances that this company has a positive rating with the Better Business Bureau is, well… that’s a topic for another blog post.

So, always read the screen and know what you’re doing anytime you see a download or scan link. If you want to download a program make sure you’re on the actual company website. That way you’ll also be sure to download the most current release.

Use your voice and let search engines and download sites know you’re not happy. Forward this post to your friends or share it on Facebook. They’re making a lot of money so they can certainly afford to screen who advertises on their sites and watch for deceptive links.

Bing actually removed an ad after I contacted them about but they still need to clean up their act for other ads. I’ve written to a friend I trust at Google so perhaps I’ll see a change soon but the misuse of our WinPatrol keyword is one of many.

If you’re not sure about a filename you can always use WinPatrol to look it up. Your lifetime $29.95 purchase of WinPatrol PLUS means we don’t have to sell advertisements on the pages used to search file names. Droid users can also download our new DroidPatrol program to search for legitimate filenames.

Update 9/7/2011I’m pleased to report that Google no longer allows WinPatrol to be used to allow deceptive advertisers steal users. Thank you Google.

10 Comments:

I have the exact some problem with "Software Industry Report" for a product I am developing. It is a disk cleaning application that they are trying to compare to a rogue registry cleaner product (apples and oranges, I know...) The first sponsored Google result for my product is "System Ninja Exposed!"

It's so painful seeing a product you have worked hard on used to push malware. It's equally unfortunate that Google have done nothing about it after having written to them twice.

So much misnomer information and so much deception from many websites DO make life hard for the honest and misguided individuals.

So are the computer illiterate persons who have just for instance opened their first web page, downloading a SUPPOSED AWESOME and Free program they just thought may be the help to get started.

And WHAM!!! they get hit by soo many malicious attacks which inadvertently open several vulnerable incoming ports at the firewall. Some unfortunately have their computer rendered useless and becoming the paper-weight for the door.

Should anyone not possess Bill P's program Winpatrol for example, or a link scanner as included in AVG's free antivirus,

The best way to prevent being maliciously attacked via any search engine results is to type the "Web Address" shown under any possible dodgy sponsor link/web advertisement.

Typing the web address of the fully accredited online software company will always give you what you are after, rather than being attacked by trojans, malware, spyware and viruses in general.

90069Unfortunately, WOT is not reliable either, with lots of conflicts of interest -- based on WOT's own business model as well as organized retaliatory measures taken by bigger businesses in competition with small business websites. The only way WOT responds to these conflicts of interest is to question the motivations of those who see all this in action:

(2) WOT's website warnings do not take into account specific user experience detailed in on-site comments. They are merely an average of 0-100% ratings which require no specific explanation to support.

(3) Given WOT's methodology, the website of any business can be ruined by its competitors' executives, employees, friends and relatives logging in just for the purpose of entering 0% for competing websites without having to report justification for the numerical ratings.Comments which contain real experiences give more information but are not required of raters and in any event "don't figure into" the warnings.

Thanks for the article Bill, I'll send the URL to folks I know will appreciate the heads up. My 2 cents... Its always best to work up a defense strategy. A combination of approaches gives better coverage. Don't forget to backup. Consider sandboxing...it gives you a 2nd chance if you do click the wrong icon. WOT and Norton aren't perfect. There will be false positives. That's just how it is. Before you accuse them of cheating consider the shear volume of data they have to deal with. Be careful with the typing URLs approach. A mistake can get you phished. Well, maybe 3 cents.

The main focus of this article was the selling of keywords based on our product to deceptive companies.

I used WOT as an example but didn't intend to promote this particular program. I have had enough comments on WOT that I'll look at doing an article reviewing this product type in the future. Most of the comments have been pro-WOT.

just wondering: is it legally fraudulent to use your good name for advertising another product? and arent they causing your business damage by dumping malware in YOUR name on YOUR potential customers computers? is this malware company only using bill p keywords, or are they also (elsewhere) using other reputable small companies? if so, what would happen if enough small and reputable businesses so abused banded together to sue for damages, each of the bad-boys abusing their good name? would the threat of it bring this behavior to a halt? Could a group of developers pay google's fat fees, put up youtube videos, grab the limelight in as many ways as possible/

also, re wotno need to install wot to use it. just access wot website directly. OR: i use a firefox extension called flagfox, which is very useful and handy in evaluating a website, many available tools in a tiny unobtrusvie package: among its many other features it opens the wot site's page for the site i am investigating.